Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2022-40607 Path Traversal vulnerability in IBM Spectrum Scale
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem.
network
low complexity
ibm CWE-22
6.8
2022-12-19 CVE-2022-41418 Path Traversal vulnerability in Blogengine Blogengine.Net 3.3.8.0
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
network
low complexity
blogengine CWE-22
7.2
2022-12-19 CVE-2022-4063 Path Traversal vulnerability in Pluginus Inpost Gallery 2.1.4.1
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
network
low complexity
pluginus CWE-22
critical
9.8
2022-12-17 CVE-2022-23531 Path Traversal vulnerability in Datadoghq Guarddog
GuardDog is a CLI tool to identify malicious PyPI packages.
local
low complexity
datadoghq CWE-22
7.8
2022-12-16 CVE-2022-20505 Path Traversal vulnerability in Google Android 13.0
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error.
local
low complexity
google CWE-22
6.7
2022-12-16 CVE-2022-46137 Path Traversal vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 is vulnerable to Directory Traversal.
network
low complexity
aerocms-project CWE-22
7.5
2022-12-15 CVE-2022-45969 Path Traversal vulnerability in Alist Project Alist 3.4.0
Alist v3.4.0 is vulnerable to Directory Traversal,
network
low complexity
alist-project CWE-22
critical
9.8
2022-12-15 CVE-2022-4511 Path Traversal vulnerability in Docsys Project Docsys
A vulnerability has been found in RainyGao DocSys and classified as critical.
network
low complexity
docsys-project CWE-22
7.5
2022-12-15 CVE-2020-24855 Path Traversal vulnerability in Easyjs Easywebpack-Cli
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request.
network
low complexity
easyjs CWE-22
5.3
2022-12-14 CVE-2022-31703 Path Traversal vulnerability in VMWare Vrealize LOG Insight
The vRealize Log Insight contains a Directory Traversal Vulnerability.
network
low complexity
vmware CWE-22
7.5